5 Ways cybercriminals are using AI: Content localization

Over the last several weeks we have been exploring artificial intelligence (AI) and how threat actors use it to elevate their attacks. This post takes a closer look at how criminals can improve their cyberattacks through AI-enhanced content localization.

What is Content Localization?

Let’s start with an overview of content localization because it is often thought of as simple content translation. Professionals who work with localization will tell you that it is much more than translating content from one language to another.  There are cultural, linguistic, and other characteristics that must be understood and embedded in the final product. Here are some of the considerations that fall within the domain of content localization:  

• Terminology management is the process of systematically collecting, managing, and updating industry terms and ‘jargon.’ This requires defining each term and translating it in a way that maintains consistency across different languages and currencies. This work also ensures that terms are standardized and provides guidance on the use of specific terminology. This work is especially important for global relations and multinational business.
  
• Controlled language authoring is a technique that uses predefined rules or guidelines to restrict the complexity of the language and grammar in a text. It is used in technical writing, instruction manuals, and other documentation that requires clear and direct communication.
• User experience and technical adaptation refer to changes in the directionality or character sizes, date and time formats, and currency and measurement units. Appropriate layout and visual presentation depend on a thorough understanding of these practices and the meaning or importance attached to certain colors and images.
• Legal issues and regulatory compliance must be considered. A single sales message that is legal in one country could be illegal in another. Localization involves understanding the applicable regulations around data privacy, censorship, and advertising standards.
• Transcreation is the process of taking a concept in one language and completely recreating it in another language, with cultural references and nuances crafted into the new message. The term comes from ‘translation’ and ‘creation,’ and is sometimes called ‘creative translation.’ This article from Digital.gov explains the challenges of recreating content from USAGov for  USAGov en Español, and provides a good example of how localization goes beyond translation.  

You’ve probably been on the receiving end of poor localization if you’ve ordered a product from another country and your instruction manual had obvious language issues. If not, please enjoy this excerpt from the instruction manual for the Bike Tower-3100:

The translated text reads: 

"In this instructions, we explain some duties to you as below for keeping your and your neighborhood's safety from any troubles.

We show you three signs which explain some kind of degees when you ignore our attentions as below;"

This quality of translation is common because automatic word-for-word translation services like Google Translate services are inexpensive and widely accessible. Real localization can be expensive because real people are required to make the content look and feel like it was created specifically for that locale.

Although human intervention is required for high-quality localization, there are many good uses for AI and GenAI in content localization. MagellanTV uses GenAI and machine learning (ML) to facilitate the translation of its documentaries for other regions. The AI performs language and idiom translation and shortens the sentences as needed to meet the time constraints of each show.  MagellanTV reports they have been able to reduce translation costs from $20 per minute to $1 per minute, and that cost reduction has allowed them to expand into more languages.

Online retailers regularly use AI technologies to localize product descriptions, colors, images, and promotional campaigns. With proper learning and rules in place, an AI system can support a personalized shopping experience that appears to have been created specifically for the local market.

Content localization and cyberattacks.

You can think of AI localization as a tool that supercharges the AI-powered phishing attacks we covered here. According to the 2023 Annual Threat Assessment of the U.S. Intelligence Community, the top countries targeted for cyberattacks are the United States, its allied countries, and partner countries. The top countries of origin for cyberattacks are reported to be China, Russia, and Iran. These countries focus heavily on espionage, disruption, and propaganda/influence. AI-enhanced content localization can eliminate grammatical errors, standardize the manner of speaking, and learn from attacks and responses. Phishing attacks target industries like defense, energy, biotechnology, and other manufacturing and infrastructure. These industries all have industry-specific language that AI can learn quickly. This use of AI can also help threat actors learn the idioms and jargon of the target language, which helps them script more convincing deepfakes and voice-phishing (vishing) attacks.

Nation-state actors that attempt to influence public opinion and political outcomes in other countries rely heavily on sounding like they are local. This is another area where AI-enhanced localization can help teach these criminals the importance of certain languages, symbols, special interest groups, and regional events. This is used to spread disinformation and manipulate the public through social media and other forums. Some nation-state threat actors will use disinformation tactics to monitor individuals and groups that are seen as threats to the home government. This activity is part of a larger government effort to suppress dissent.

Even the low-skilled threat actor can create a global phishing campaign with something like FraudGPT.  This improves opportunities around foreign holidays, natural disasters, and even pandemic response.

Protect yourself from malicious content.

As with most threats, there’s no single method to protect yourself from attacks created or enhanced by AI, but there are some best practices you can follow:

Barracuda can help.

Navigating the complex landscape of cybersecurity and AI can be difficult. Download our new e-book to see how we can help you make sense of the risks and opportunities.